Cyber thieves making millions in profits

Michigan State University criminologist Thomas J. Holt led one of the first studies to estimate the massive scope of cybercrime profits. Credit: Michigan State University

Cyber thieves who steal credit and debit card numbers are making millions of dollars in profits, fueling a global criminal enterprise marked by the high-profile data breaches of major companies such as Target and Home Depot.

Thomas J. Holt, Michigan State University criminologist and lead investigator of one of the first scientific studies to estimate cybercrime profits, said the findings should be a wakeup call for consumers and law enforcement officials alike.

The study, published online in the journal Deviant Behavior, was funded by the National Institute of Justice.

"In the past two years there have been hundreds of data breaches involving customer information, some very serious like the Target breach in 2013," said Holt, associate professor of criminal justice. "It's happening so often that average consumers are just getting into this mindset of, 'Well, my bank will just re-issue the card, it's not a problem.' But this is more than a hassle or inconvenience. It's a real economic phenomenon that has real economic impact and consequences."

Holt and fellow researchers analyzed online forums in English and Russian where criminals sold stolen financial and personal information, often in batches of 50 or 100. The buyers then attempt to access the victims' bank accounts or buy goods or services with the stolen cards.

On average, a batch of 50 stolen credit or debit cards can make a seller between about $250,000 and $1 million.

Buyers, in turn, assume more risk (since they could get caught trying to use the cards), but also stand to gain more. On average, a batch of 50 stolen credit or debit cards could make the buyer between $2 million (if only 25 percent of the cards worked) and nearly $8 million (if all cards worked).

Ultimately, Holt said he hopes to help protect consumers from the potentially disastrous effects of identity theft and credit fraud.

"My goal is make people cognizant of just how much their personal information means, how much value there is," Holt said. "If we don't understand the scope of this problem, if we just treat it as a nuisance, then we're going to enable and embolden this as a form of crime that won't stop."

Related Stories

Stopping massive data breaches like the one that hit Target will require a more sophisticated, collaborative approach by law enforcement agencies around the world, a Michigan State University cyber security expert argues.

JPMorgan Chase will replace all of its customers' debit cards with more secure chip-based cards nationwide, the bank said Tuesday, and expects to have chips on 70 percent of its debit cards by the end of 2015.

A Michigan State University criminologist dug into the seamy underbelly of online credit card theft and uncovered a surprisingly sophisticated network of crooks that is unique in the cybercrime domain.

Shoppers have launched into the holiday buying season and retailers are looking forward to year-end sales that make up almost 20% of their annual receipts. But as you check out at a store or click "purchase" on your online ...

Criminals from around the world buy and sell stolen credit card information with ease in today's digital age. But if they commit their crime entirely outside the United States, they may be hard to prosecute.

Recommended for you

Michigan auditors who conducted a fake "phishing" attack on 5,000 randomly selected state employees said Friday that nearly one-third opened the email, a quarter clicked on the link and almost one-fifth entered their user ...

A research team of Seoul National University led by Professor Kyu-Jin Cho has developed an origami-inspired robotic arm that is foldable, self-assembling and also highly-rigid. (The researchers include Suk-Jun Kim, Dae-Young ...

A study led by researchers at Tokyo Institute of Technology (Tokyo Tech) has uncovered new ways of driving multi-legged robots by means of a two-level controller. The proposed controller uses a network of so-called non-linear ...

0 comments

Please sign in to add a comment.
Registration is free, and takes less than a minute.
Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.